]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
Cosmetic changes in TLS session debug output
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Tue, 1 Jun 2021 21:52:05 +0000 (16:52 -0500)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Tue, 1 Jun 2021 21:52:05 +0000 (16:52 -0500)
src/lib/tls/session.c

index 0722dcde6132c6c563b91c2e659191e94017f8ca..4f15fee8631a209ddaafe31f4afa54c653558249 100644 (file)
@@ -545,20 +545,26 @@ void fr_tls_session_info_cb(SSL const *ssl, int where, int ret)
 
                                server_ciphers = SSL_get_ciphers(ssl);
                                RDEBUG3("Our preferred ciphers (by priority)");
-                               num_ciphers = sk_SSL_CIPHER_num(server_ciphers);
-                               for (i = 0; i < num_ciphers; i++) {
-                                       this_cipher = sk_SSL_CIPHER_value(server_ciphers, i);
-                                       RDEBUG3("[%i] %s", i, SSL_CIPHER_get_name(this_cipher));
+                               if (RDEBUG_ENABLED3) {
+                                       RINDENT();
+                                       num_ciphers = sk_SSL_CIPHER_num(server_ciphers);
+                                       for (i = 0; i < num_ciphers; i++) {
+                                               this_cipher = sk_SSL_CIPHER_value(server_ciphers, i);
+                                               RDEBUG3("[%i] %s", i, SSL_CIPHER_get_name(this_cipher));
+                                       }
+                                       REXDENT();
                                }
 
                                RDEBUG3("Client's preferred ciphers (by priority)");
-                               RINDENT();
-                               num_ciphers = sk_SSL_CIPHER_num(client_ciphers);
-                               for (i = 0; i < num_ciphers; i++) {
-                                       this_cipher = sk_SSL_CIPHER_value(client_ciphers, i);
-                                       RDEBUG3("[%i] %s", i, SSL_CIPHER_get_name(this_cipher));
+                               if (RDEBUG_ENABLED3) {
+                                       RINDENT();
+                                       num_ciphers = sk_SSL_CIPHER_num(client_ciphers);
+                                       for (i = 0; i < num_ciphers; i++) {
+                                               this_cipher = sk_SSL_CIPHER_value(client_ciphers, i);
+                                               RDEBUG3("[%i] %s", i, SSL_CIPHER_get_name(this_cipher));
+                                       }
+                                       REXDENT();
                                }
-                               REXDENT();
                        }
 #endif
                } else {
@@ -581,7 +587,7 @@ void fr_tls_session_info_cb(SSL const *ssl, int where, int ret)
                         */
                        switch (ret & 0xff) {
                        case TLS1_AD_UNKNOWN_CA:
-                               REDEBUG("Verify client has copy of CA certificate, and trusts CA");
+                               REDEBUG("Verify client has copy of CA certificate (and trusts CA)");
                                break;
 
                        default: